Social Engineering - Christopher Hadnagy [49]
One example of this I recently saw in real life was at Defcon 18. I was part of the team that brought the Social Engineering CTF to Defcon. We saw many contestants who used the pretext of an internal employee. When presented with an objection like, “What is your employee badge number?” an unskilled social engineer would get nervous and either not have an answer or hang up, whereas a skilled social engineer would bring those dissonant beliefs into alignment for the target. By simply stating a badge number they found online, or by using another method, they were able to convince the target that the information was not needed, thereby aligning the target to their beliefs.
These points are very technical answers to a very simple problem, but you must understand that one can do only so much faking. Choose your path wisely.
Practice Dialects or Expressions
Learning to speak in a different dialect cannot be glanced over quickly. Depending on where you live, learning to speak a different dialect or with an accent can take some time. Putting on a southern drawl or an Asian accent can be very difficult, if not impossible. Once I was in a training class with an international sales organization and it had some statistics that said 70% of Americans prefer to listen to people with a British accent. I am not sure if that statistic is true or not, but I can say that I enjoy the accent myself. Now after that class, I heard quite a few people in the class practice their “cheerios” and “Alo Govenors,” which were horrible. I have a good friend from the UK, Jon, who gets very angry when he hears Americans trying to use lines from Mary Poppins in an imitation British accent. If he had heard this group, he might have blown a fuse.
What that class taught me was that even though the stats might say one accent is better than another for sales, or you may be social engineering in the south or in Europe, that doesn’t mean you can easily put on the accent to make yourself appear local. When in doubt, throw it out. If you can’t make the dialect perfect, if you can’t be natural, and if you can’t be smooth, then just don’t try. Actors use vocal coaches and training sessions to learn to speak clearly in the accent they have to portray. Actor Christian Bale is from Wales, but determining that fact from listening to him is very difficult. He doesn’t sound British in most of his movies. Actor Gwyneth Paltrow took on a very convincing British accent for the movie Shakespeare in Love.
Most actors have dialect coaches who will work with them to perfect the target accent. Because most social engineers cannot afford a dialect coach, there are many publications that can help you learn at least the basics of putting on an accent, such as Dialects for the Stage by Evangeline Machlin. Although this is an older book, it contains a lot of great tips:
Find native examples of the accent you want to learn and listen to them. Books like Dialects for the Stage often come with audiotapes full of accents to listen to.
Try speaking along with the recording you have, to practice sounding like that person.
After you feel somewhat confident, record yourself speaking in that accent so you can listen to it later on and correct errors.
Create a scenario and practice your new accent with a partner.
Apply your accent in public to see if people find it believable.
There are innumerable dialects and accents, and I personally find it helpful to write out phonetically some of the sentences I will speak. This enables me to practice reading them and get the ideas sunk into my brain to make my accent more natural.
These tips can help a social engineer master or at least become proficient at using another dialect.
Even if you cannot master another